Management Assessment Tool (MAT) Last revised September 12, 2018

The MAT has been designed to assist administrators/managers with the annual certification process. As someone with administrative or supervisory responsibilities, you have a stewardship responsibility to:

  • Support and enhance the mission of UTSA
  • Ensure that the University fulfills its legal and financial obligations to internal and external stakeholders
  • Safeguard the University's financial, human, information and physical assets
  • Create an atmosphere that encourages all members of the University community to contribute to the overall excellence of the University.

Overview Fiscal Management Purchasing
Historically Underutilized Business (HUB) Business Services Contracts Capital Assets Management 
Gifts Human Resources Equal Employment Opportunity Compliance
Environmental Health, Safety and Risk Management UTSA Police Key and Card Access
Emergency Preparedness Information Security  

 

STATEMENT/QUESTION RESOURCES BEST PRACTICES/SUGGESTIONS
OVERVIEW

1. All employees paid from my Cost Center(s)/Project ID(s)/Project ID(s) for which I am the Department Manager have completed their required compliance training (SCT2018).

My Training

HOP 9.40 - General Compliance Training
  • Emphasize to all employees the importance of completing online compliance training. Employees will be notified via email when training has been assigned and will be given a deadline to complete the training. Supervisors and Vice Presidents will be notified of non-completion.
  • New employees will be assigned training within 30 days of hire.
  • As of January 2011, existing employees are required to complete refresher training every other year, depending on employee's reporting structure.
  • Student employees are required to take compliance training as well.
  • It is important that email addresses in UT Share/PeopleSoft are accurate so employees receive their training notifications.

 


2. I am aware and all employees paid from my Cost Center(s)/Project ID(s)/Project ID(s) have been informed that ethical or legal concerns raised by employees or students should always be taken seriously and should be referred to the appropriate office at UTSA for handling.

UTSA Standards of Conduct Training (review only)

HOP 4.01 - Code of  Ethics

HOP 4.31 - Conflicts of Interest

HOP 1.33 – Conflict of Interest, Conflict of Commitment and Outside Activities

 


3. I am aware it is important to have measurable written goals and objectives for my area/department.
 
  • Define department/area mission statement.
  • Develop long-term strategic goals.
  • Develop measurable annual goals based on your department’s mission and strategic goals.
  • Create an action plan to achieve annual goals.
  • Communicate goals and action plan to all employees.
  • Evaluate action plan and goals annually.
  • Provide new employees with an orientation regarding their duties and responsibilities. An On-the-Job Orientation Checklist is available on the Human Resources Website.

 

4. I am aware that it is important to have written procedures for critical systems/processes in my area/department.

 

 
  • Identify critical operations.
  • Develop written procedures and review and update them annually.
FISCAL MANAGEMENT
GENERAL   Top

5. My area/department has a system for reviewing/reconciling Cost Centers/Project IDs on a monthly basis to determine whether the University’s accounting records match my area’s/department’s records. Procedures are in place to ensure appropriate action is taken in the event errors and/or unauthorized transactions are identified, and all Cost Center/Project ID reviews/reconciliations are dated and signed by the preparer and the reviewer.

 

UT Systemwide Policy UTS142.1
- Policy on the Annual Financial Report

Financial Management Operational Guideline (FMOG) – Monthly Financial Report Reconciliation Process

FMOG - Monitoring Plan for Segregation of Duties and Reconciliation of Accounts

FMOG - Procard Program

Training for Monthly Financial Report reconciliation
(see the Accounting section)

 

  • Department Managers should have a working knowledge of their budgets (information can be viewed in UTShare/PeopleSoft).
  • Implement a departmental system for tracking and reviewing departmental expenditures and revenue. The type of system used may vary depending on the complexity of the department’s Cost Center(s)/Project ID(s). Review the training and other resources provided in the Accounting section of the Financial Affairs training website, and also in Financial Management Operational Guideline (FMOG) - Monthly Financial Report Reconciliation Process.
  • If possible, assign different individuals the responsibility for entering data into the departmental system and reconciling the departmental system to UTShare/PeopleSoft.
  • Check departmental reviews/reconciliations monthly and ensure all transactions are appropriate and there are no misstatements or omissions.
  • Ensure errors are corrected immediately.

6. My area/department is structured so that one person does not create, approve, and reconcile transactions. If I do not have the staff to adequately segregate these duties, I understand that as Department Manager I must take a more active role in monitoring my area/department’s Cost Center(s)/Project ID(s).

FMOG - Processing Cash Payments

FMOG - Monitoring Plan for Segregation of Duties and Reconciliation of Accounts

UT Systemwide Policy UTS142.1
Policy on the Annual Financial Report

 

  • Proper segregation of duties in a department ensures no single individual handles all aspects of a transaction or business process, thus reducing the possibility of undetected errors or fraudulent activity.
  • Ensure no single individual handles all phases of a transaction (e.g., creates, approves, and reconciles).
  • Proper segregation of duties is essential for reducing the risk of fraud in a cash operation. Having one person in charge of all phases of a cash operation is risky - there should be at least two sets of eyes on every transaction. Ideally you should ensure the individual responsible for record keeping (e.g., reconciling cash/checks received to cash register tapes, registration or other income records) is different from the person who has custody of the cash/checks (opens mail, prepares deposit, etc.). In small departments this can be a challenge; however, there are ways to compensate if you cannot fully segregate duties (e.g., have someone outside of the process analyze sales and deposits for reasonableness or monitor for unusual trends).

 

7. There is a process in my area/department for reconciling cash and check income records to deposit documentation.

Note: Areas/departments accepting funds on behalf of UTSA must have an authorization request on file with the Office of Financial Services and University Bursar.

FMOG - Processing Cash Payments

FMOG - Cash Handling and Management

Departmental Cash Handling Request Form

 

  • A department that receives cash and/or checks should have a system in place for recording those receipts (e.g., cash register or log).
  • Cash register logs should be compared to actual deposits on a routine basis to ensure all income is being deposited.
  • Income trends should be analyzed to determine whether actual income matches expected income.
  • Receipts should be issued for all in- person transactions, and the department should maintain documentation that a receipt was provided.
  • To reduce manual cash and check processing, contact The Office of Financial Services to find out more about the new product, Marketplace, which can be customized to serve as an eCommerce website for your event/department.

8. Cash/checks are adequately secured at all times, access is restricted to the extent possible and checks are immediately endorsed when received.

Note: Areas/departments accepting funds on behalf of UTSA must have a security policy on file with the Office of Financial Services and University Bursar.

 

FMOG - Cash Handling and Management

Departmental Cash Handling Security Policy
  • As a minimum requirement, keep cash/checks locked in a drawer or a safe at all times.
  • Establish accountability for cash/checks by limiting access to the key or combination to as few individuals as possible.

9. Cash and checks received totaling $500 or less are deposited with Fiscal Services once per week, and cash and checks received totaling over $500 are deposited within one business day.

UT Systemwide Policy UTS166- Cash Management and Cash Handling Policy

FMOG - Cash Handling and Management

FMOG - Processing Cash Payments

 

  • Depositing cash and checks timely is key to reducing the risk of theft and should be a priority when organizing employees’ duties.
PURCHASING   Top

11. Procard purchases on my Cost Center(s)/Project ID(s) comply with UTSA requirements and restrictions for using the Procard.

FMOG - Procard Program

AM0562 Procard Compliance & Processing using
  • Managers should have a working knowledge of Procard policies and procedures.
  • Managers should be aware of Procard limits and restrictions as described in FMOG - Procard Program and should ensure cardholders are aware of these items as well.
  • Maintain a transaction log and retain adequate supporting documentation as required by FMOG - Procard Program for all Procard purchases.
  • Suspected misuse of the Procard should be reported to the Procard/Travel Card Administration (PTCA) office immediately.
  • Review all Procard transactions to ensure they are reasonable and appropriate for the purpose/mission of the department/unit prior to approval in UTShare PeopleSoft. Unusual transactions should be questioned and investigated.
  • Ensure sales tax is not charged on Procard transactions.
  • Approve Procard transactions in UTShare PeopleSoft before the designated date.
  • Submit a completed Card Maintenance Request to PTCA for requested changes to an existing Procard (e.g., limits, default cost center, card cancellation).
  • Establish and document the departmental Procard control environment and retain a copy with the Procard transaction logs. Documentation must be readily available for audits and reviews.
  • Ensure that employees who make Procard purchases attend initial Procard training (followed by subsequent refresher courses) as required. MyTraining provides a number of training classes concerning purchasing procedures MyTraining provides a number of training classes concerning Procard procedures. MyTraining can be accessed online or by calling HR Training and Development at 458-4658.
  • Contact the PTCA office by email at procard.travelcard@utsa.edu or by telephone at 458-7993 if you have questions or problems with the Procard.

 


12. All employees who procure goods and services on my Cost Center(s)/Project ID(s) attend purchasing training prior to placing orders on the system.

Purchasing Department Website

CT0990 Rowdy Exchange Procurement Requester Training
  • Department Managers should have a working knowledge of purchasing policies and procedures.
  • Employees are stewards of University funds; therefore, purchases must be business related and consistent with the department’s mission.
  • If possible, to ensure proper segregation of duties, the person making purchases should not also reconcile the Monthly Financial Report.
  • Ensure that employees who perform purchasing duties attend initial purchasing training (followed by subsequent refresher courses) within 30 days of starting employment. MyTraining provides a number of training classes concerning purchasing procedures and the use of Procards. MyTraining can be accessed online or by calling HR Training and Development at 458-4658.
  • Emphasize the importance of following purchasing regulations.
  • Ensure supporting documentation is filed and maintained in accordance with the UTSA Records Retention Schedule - https://www.utsa.edu/openrecords/docs/Retention Schedule SLR 105 - UTSA 03-2018 (amended).pdf
  • Utilize the UTSA Procard for purchases under $15,000 when possible (items purchased must comply with Procard regulations and restrictions).
  • Notify the Purchasing Office immediately when discrepancies or problems occur with vendors or contractors. Call the Purchasing Office if you have questions.

 


13. There is a process in my area/department to ensure the Purchasing Department handles all purchases $15,000 and over. I am aware and have informed all employees paid from my Cost Center(s)/Project ID(s) orders cannot be split to avoid these dollar requirements.

Purchasing Department Website

Contract Management Handbook

  • Maintain adequate supporting documentation for all purchases in the event of an audit or other requests for information.
  • Ensure employees who initiate and approve transactions are familiar with guidelines and restrictions for different Cost Center(s)/Project ID(s).
  • Expenditure transactions and related vouchers must be independently reviewed for completeness, accuracy, and compliance with University policies and in agreement with supporting documentation before being approved for payment.
  • Standardize specifications and requirements for commodities and services where possible.

 


14. When goods are delivered directly to my area/department receipts are immediately created in the receiving system to ensure goods are verified. I am aware of the receiving process and have informed all employees paid from my Cost Center(s)/Project ID(s) that the area/department could be subject to interest penalties when vendors are not paid within 30 days.

Central Receiving Website
  • Ensure employees who receive goods in your department are aware they should create receipts in the UT Share/PeopleSoft system immediately to ensure timely vendor payments. Departments may incur monetary penalties under the Prompt Payment Law if vendors are not paid within 30 days.
  • If goods delivered to a department are damaged or are not what was ordered, the supplier should be contacted immediately. Disbursements and Travel Services should be notified once the vendor has remedied the situation to your satisfaction so the vendor can be paid.
  • Ensure items are inspected and counted prior to signing and dating the receiving report/form from the vendor.
  • Departments should have a system for tracking outstanding purchase orders, e.g. an internal filing or accounting system.

 

HISTORICALLY UNDERUTILIZED BUSINESS (HUB)   Top

15. My area/department is committed to the University’s goal of doing business with Historically Underutilized Businesses (HUBs) and I ensure HUBs are considered in the selection of vendors and contractors paid from my Cost Center(s)/Project ID(s).

UTSA HUB Program Website

UTSA Purchasing Department Website

HOP 9.26 - Historically Underutilized Business Program

 

  • Gain a working knowledge of UTSA’s HUB Mission Statement.
  • Take steps to ensure HUB vendors are utilized whenever possible on purchases under $15,000.
  • When applicable, utilize HUB information provided by the HUB Office or the Purchasing Office to make purchasing decisions.
  • Partner with the HUB Office to identify and invite HUBs to make presentations on future contracting opportunities.
  • HUB vendors can be found on the State of Texas Centralized Master Bidders List (CMBL) maintained by the Texas Comptroller’s Office http://www.window.state.tx.us/procurement/prog/cmbl/ or the UTSA HUB Office Website at http://utsa.edu/hub/
BUSINESS CONTRACTS   Top

16. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that only the President and person(s) with specific written delegation of authority from the President have authority to bind the University to a contract.

Regent’s Rules No: 10501

UT Systemwide Policies: UTS145, Processing of Contracts

UTS126, Processing of Space Lease Agreements

UTSA Business Contracts Office Website

  • Ensure contracts comply with applicable UTSA and UT System contracting policies and procedures, including the Board of Regents’ Rules and Regulations related to contract delegation.
  • The Board of Regents’ Rules and Regulations require that all contracts be approved by the President or his/her official, authorized delegate (ref. Series 10501, §§ 5 & 6). Only an individual with a written delegation of authority from the President may execute and deliver contracts on behalf of the University. A University contract without an authorized signature may be invalid and unenforceable.

Resources and offices for processing contracts are:

 

CAPITAL ASSETS MANAGEMENT   Top

17.Ensured that all UTSA property acquired (through purchase, transfer, or gift) assigned to my area/department is used for approved University purposes and not for personal gain or in competition with private enterprise.
  • Ensured an Inventory Contact Person (ICP) or person(s) was designated to physically locate, scan and complete the Annual Physical Inventory (API) for all controlled/capital property on my DeptID(s) annually (each fiscal year).
  • Ensured capital/controlled property was accessible at all times for internal/external audit/equipment reviews throughout the year to test fixed asset controls.
  • Certified the completion of the Annual Physical Inventory (API) of all capital/controlled property in my area/departments, centers, and designated office during each fiscal year.
  • As the Department Administrator, I delegated INSIGHT access to the ICPs to information relating to capital/controlled computer resources to aid in completing the Annual Physical Review.

State Property Accounting Fiscal Policies & Procedures - Chapter 2 - General Policies

HOP 8.02 - Property Accounting Responsibilities

FMOG - Property and Equipment Management and Control, Capital Asset Property Accounting

FMOG - Property and Equipment Management and Control, Administration and Management of Capital Assets & Controlled Property

 

  • Ensure the Annual Physical Inventory (API) of all capital / controlled property in the area/department is conducted/completed each fiscal year.
  • Appoint UTSA staff/faculty member(s) as the Inventory Contact Person (ICP) or persons, to be responsible for daily oversight of the department’s inventory and to perform the Annual Physical Inventory.
  • Ensure the primary and alternate ICP are identified at the beginning of each fiscal year for each Dept ID within my administrative unit and the ICP Appointment Form is submitted to the Inventory Department. NOTE: All designated ICPs must attend mandatory inventory training annually prior to conducting the department’s annual inventory.
  • The Inventory Department will determine what type of training is needed (initial or refresher) and contact the ICP(s) to schedule that training.
  • The Inventory Department will submit the UT Share Support and Sustainment Center (SPOC) ticket to ensure ICP(s) have access to inventory records for each Dept ID he/she is responsible for tracking, scanning, reporting and updating locations and custodians.
  • Ensure the ICP(s) are in the notification loop on all Employee Separations so that custodial updates in PeopleSoft can be processed.
  • Ensure only UTSA barcodes physically affixed to departmental capital and controlled items are scanned; ensure staff do not scan barcodes from paper documents.
  • Ensure your department’s Annual Physical Inventory is conducted, completed and inventory documentation is reviewed PRIOR to signing the mandatory Certification of Departmental Annual Physical Inventory.
  • Ensure a duplicate copy of all inventory documentation is maintained for the department and is used as a management tool to control capital/controlled property throughout the year; these files may be subject to varying Internal/External Equipment Reviews.
  • Delegate ICP(s) InSight authority to manage capital/controlled and non-inventoried property.
  • Although not required by policy, it is a good management practice to structure duties so that the individual maintaining inventory records does not also perform the annual physical inventory (if staffing permits).

 

18. I promote responsible stewardship of UTSA property within my area/department  by ensuring appropriate inventory forms are prepared, maintained, and that inventory records are updated in a timely manner. In addition, all employees paid from my Cost Center(s)/Project ID(s) have been informed that during the annual physical inventory each UTSA (faculty/staff) employee assigned capital/controlled property under my DeptID(s) must:

    • Keep property in good working condition.
    • Be sufficiently and appropriately trained on the use of the equipment.
    • Inform the ICP(s) of changes to the location or status of inventoried equipment to include equipment upgrades, trade-ins or enhancements.
Sign the Pre-Inventory/Custody listing for all capital/controlled property assigned for which they are responsible for.

 

HOP 8.02 - Property Accounting Responsibilities

FMOG - Property/ Equipment Management and Control, Capital Assets Property Accounting - Inventory Forms and Pre- inventory/Custody List

  • Ensure that UTSA (faculty/staff) employees assigned custodianship of capital/controlled property have been fully trained on the use of that property and are aware of their responsibilities for the safeguarding, care and reporting changes, trade-ins, upgrades, enhancements, etc. to the designated ICP(s) made to that equipment.
  • Ensure the ICP(s) maintains inventory forms, records and all inventory related support documentation for all property owned by the department.
  • UTSA Inventory Forms are available on the Inventory Webpage that relate to managing UTSA - owned capital/controlled property.
  • Ensure that all UTSA (faculty/staff) employees sign the Pre-Inventory/Custody Listing or inventory-tagged departmental property which they are responsible for, before signing the annual certification.

19. Capital/controlled property vulnerable to theft, loss, damage or misuse in my area/department is adequately safeguarded in locked cabinets and locked rooms.

HOP 8.02 - Property Accounting Responsibilities

FMOG - Capital Asset Property Accounting- Roles and Responsibilities

 

  • Emphasize to all employees the importance of vigilance to prevent loss of or damage to UTSA property and identify those responsible for such damage whenever it occurs.
  • Ensure Capital/Controlled Property and other items vulnerable to theft (laptops, tablet computers, projectors, etc.) are in locked rooms or cabinets when not in use and limit the number of individuals who have keys/access.

20. In the event that capital/controlled property is reported Stolen/Recovered or Missing/Reinstatement, I and/or an employee in my area/department will notify the UTSA Police, the UTSA Property Manager and the Inventory Department within 24 hours of discovery. In addition, I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that they may be held personally liable for lost/stolen capital/controlled property if:
  • Reasonable care was not exercised in the safekeeping, maintenance and service of the property; or
  • The loss occurred as a result of an intentional wrongful or negligent act.

 

HOP 8.02 - Property Accounting Responsibilities

University of Texas at San Antonio - Police Department - Support Services Division

FMOG - Administration and Management of Capital Assets & Controlled Property –  Stolen UTSA Property
  • Ensure employees are familiar with rules regarding accountability for University property.
  • Ensure all Stolen and Missing capital/controlled property is reported to the UTSA Police Department at 458-4242, Support Services Division, Criminal Investigations Section and an Officer will be assigned to investigate.
  • Ensure a Stolen/Recovered Property Report or Missing Property/Reinstatment Report with an attached copy of the Police Report (university, local, abroad, etc.) or UTSA PD Dispatch Entry number is completed/submitted to the UTSA Property Manager for negligence review.
  • Ensure all previously reported missing or stolen capital/controlled property that is later FOUND is promptly reported to the UTSA Police Department to suspend their investigation and to the Inventory Department for physical for verification, recovery and reinstatement processing.

21. I or my ICP(s) ensure separating employees, paid from my Cost Center(s)/Project ID(s), have returned all capital/controlled property assigned to them and have been cleared by the ICP.

 

 
  • Ensure separating employees are cleared by the designated ICP(s), so that any capital/controlled property assigned to him/her can be reassigned to a new user in PeopleSoft prior to final clearance confirmation.

22. Faculty/Principle Investigators who are departing the University that request to transfer or purchase UTSA-owned capital/controlled property for continuing research, are aware that this request must be approved PRIOR to removing any capital/controlled property from the University campuses.

HOP 4.14 Separation of Employment for UTSA Personnel

FMOG - Administration and Management of Capital Assets & Controlled Property - Human Resources Employee Separation Process

 

  • Ensure (outgoing) Faculty requesting to transfer capital/controlled property to other state agencies, do not remove any capital/controlled property from the university until the request has been final approved by the UTSA Property Manager.
  • Ensure capital/controlled property remains secured until approval is granted or denied.
  • Note: Property transfers from/to a Non-State and Out-of-State agencies, colleges, universities, private organization etc. are subject to federal/state restrictions and costs.
  • Ensure a State Property Transfer Receipt Form is initiated and completed to document these transfers.

23.All employees (faculty/staff) paid from my Cost Center(s)/Project ID(s) have been informed that removed capital/controlled property from University premises under their care that he/she:
  • Assumes legal and oversight responsibility for the care of that capital/controlled property and that a Removal of Equipment form must be completed and approved BEFORE physically removing that property.
  • Capital/controlled property must be made available for annual scanning.

University-owned property taken off- campus or abroad (travel outside the U.S.) must ensure that property is returned to my area when no longer used for University business.

 

HOP 8.02 - Property Accounting Responsibilities

HOP 10.01 - Export Controls

UTSA Export Control For Researchers, Research Integrity Guidelines, Export Control

FMOG - Administration and Management of Capital Assets & Controlled Property – Removing Equipment from UTSA Premises

 

  • Ensure a Removal of Equipment Form (ROE) have the final approval signature of the authorized Department Manager before any property is removed from University premises.
  • Ensure capital/controlled property leaving the country is cleared by the Office of Research Integrity and annotated on the Certification of Temporary Export of UTSA Property and Review of U.S. Export Control Regulation form and Removal of Equipment Form (ROE) in advance of foreign travel.
  • Ensure capital/controlled property removed from university premises is used only for university business purposes.
  • Ensure ICPs maintain an accurate log(s), a copy of the approved ROE form for all departmental capital/controlled property removed from UTSA premises, and ensures that property is returned and new/renewal forms are submitted annually.

24. Capital/controlled (restricted commodities) property were not purchased with the UTSA Pro card. Capital/controlled property were not purchased with personal credit cards for subsequent reimbursement, without PRIOR approval.

HOP 8.02 - Property Accounting Responsibilities

FMOG - Non-Payroll Disbursements - Procard Program Limits and Restrictions

 

  • Ensure Procard cardholders are trained and familiar with the rules that capital ($5000/above) and controlled property are restricted commodities and cannot be purchased with the Procard, and the use of “Personal” credit cards for subsequent university reimbursement.

25. Any unused, obsolete, or nonfunctional University property that is surplus to the needs of my area/department are transferred to the University’s Surplus Property Department on a completed Surplus Property Turn-In Form coordinated through my area/departments ICP and signed by the Department Manager for the DeptID. I and/or an authorized employee in my area assures Cannibalized property for parts are used according to University procedures, and have received approval prior to removing such parts, and prior to scheduling them for surplus pick-up.

HOP 8.02 - Property Accounting Responsibilities

FMOG - Non-Payroll Disbursements - Procard Program Limits and Restrictions

 

  • Ensure employees do not dispose of university property by any means, other than a transfer to the Surplus Property Department for further handling, via the Surplus Property Turn-In Form.
  • Ensure employees do not store surplus, obsolete, broken, or damaged property in building fire lanes and/or egress/ingress areas.
  • Ensure employees do not cannibalize university capital/controlled property or personal property without prior approval of the Inventory and Surplus Property Department.
  • Ensure cannibalized parts are tracked, as they are subject to audit/review.
GIFTS   Top

26. All gifts to the University shall be deposited within 24 hours of receipt with the gift services unit of the Office of External Relations. All campus units are to deliver cash/checks/credit card gifts and other cash equivalents along with a completed Gift Processing Form and all related documentation from the donor to the Office of Advancement Services. When the gift is deposited, the donors will receive a tax receipt and an acknowledgment letter thanking them for his/her gift from our donor relations/development officer. In-Kind gifts are processed using the Gift In-kind Acceptance form which is processed through the respective Dean’s office and delivered to Office of Advancement Services for completion. Receipts and acknowledgment letters are issued in conjunction with the formal acceptance of in- kind gifts. Note: For UTSA purposes, "gifts" are described as "a contribution of cash or gift-in-kind in which the donor voluntarily gives us all control of the asset to the University for its benefit."

 

Regent’s Rules No: 60101

HOP 9.23 - Procedures Governing Private Gift Solicitation

UTSA Office of External Relations

  • Review information on UTSA's Office of External Relations Website.
  • Department Managers should have a working knowledge of gift policies in the HOP and Regents’ Rules (see web links provided)
  • Ensure designated employees know where to find and how to fill out the Gift Processing Form and the Gift In-Kind Acceptance Form.
  • Ensure employees know contact information for the Unit/College Development Officer (if applicable) or the Office of External Relations.
  • Procedures for receiving gift checks should be followed in the same manner as any cash and/or check transaction, e.g. segregation of duties, log, etc.
  • Use the Gift Transmittal List Form to record gifts delivered to the Office of Operations and Advancement Services; this is the delivery receipt vehicle.

27. There is a process in my area/department to ensure each donor receives a tax receipt. Office of External Relations then issues an acknowledgment letter thanking the donor.
 
  • The Department Manager and the Director of Endowment Compliance and Gift Services work together to manage gift Cost Center(s)/Project ID(s) and reconcile data with UTSA Fiscal Services.
  • There are written procedures on managing gift Cost Center(s)/Project ID(s).
  • Files are kept current, organized and easily identifiable in electronic Form. Copies of gift documentation are scanned and confidential information is redacted. Access to this information is restricted and not readily accessible to non-departmental staff.
  • Files contain copies of the Gift Processing Form, any correspondence from the donor, check, and department chair/director’s acknowledgment letter. (All original documentation is forwarded to the Office of External Relations.) All credit card or bank account numbers are removed or hidden on retained paperwork.

28. There is a process in my area/department to keep track of all gift Cost Center(s)/Project ID(s) for which we are responsible and ensure that current files are maintained.

 

 
See above #26.

29. All gift Cost Center(s)/Project ID(s) for which I am responsible are maintained with current information and all expenditures from these Cost Center(s)/Project ID(s) are in accordance with the donor’s wishes. Cost Center(s)/Project ID(s) managed by other units are periodically monitored for compliant expenditures.

Regent’s Rules No: 60101
  • Designate an employee to manage gift Cost Center(s)/Project ID(s).
  • Document policies/procedures for expenditures including donor’s intentions for each gift Cost Center(s)/Project ID(s).
  • Ensure employees know policies and procedures regarding appropriate expenditures.
  • Prior to approving expenditures from gift Cost Center(s)/Project ID(s), ensure the expenditure is in compliance with the donor’s intentions.
  • Randomly sampled gift cost centers expenditures are reviewed to ensure the expenditures made are in compliance with the donor’s intentions.

 

HUMAN RESOURCES   Top

30. I complete and document annual performance evaluations for all employees reporting directly to me and I have a process in place to ensure annual performance evaluations are performed for all other employees who are paid from my Cost Center(s)/Project ID(s).

HOP 3.01 - Annual Non-Faculty Performance Evaluation Program

HOP 2.11 – Annual Faculty Performance Appraisal for Merit Consideration

UTSA Human Resources Standard Evaluation Forms

http://www.utsa.edu/hr/forms.html
  • Every supervisor is expected to conduct an annual performance evaluation for all regular Classified and Administrative and Professional employees that report to them. Standard Evaluation Forms are available on the Human Resources website.
  • Evaluations should be completed no later than the first work day in March of each year covering the period Feb 1st of the previous year through Jan 31st of the current year.
  • Place the original evaluation form in the employee’s departmental personnel file, provide a copy to the employee and send a copy to the Human Resources Department.
  • Ensure probationary employees are evaluated during the first six months of employment. A probationary evaluation should be conducted on the 30th, 90th, and 160th day of employment. Results of these evaluations should be the basis for retention or release of the employee. Probationary Evaluation Forms are available on the Human Resources website.
  • Develop performance standards for all positions (you may consult with your employees when developing standards for the position).
  • Communicate the standards for the position to the employee upon hire and at the onset of the evaluation period.
  • When evaluating an employee, consider the employee’s performance in the position in relation to the standards previously set by the supervisor.

 


31. My area has a process in place to record and track hours worked by hourly employees paid from my Cost Center(s)/Project ID(s), including ensuring overtime and other non-work hours are appropriate and approved in advance by a supervisor.

Payroll Office Website Payroll Forms

Payroll Calendar (Monthly)

Payroll Calendar (Semi-Monthly)

  • Time sheets/cards should be used to record hours worked for hourly employees and are available on the Payroll Website: hourly employee time card.
  • Time sheets/cards should be signed and dated by the employee and supervisor and kept on file in the department.
  • Hourly employees are generally paid on a semi-monthly basis. Ensure that the electronic payroll voucher is created and approved by the payroll deadline on the payroll calendar (month or Semi-Monthly).

 


32. There is a process in my area/department to ensure overtime and other non-standard work hours are appropriate and approved in advance by a supervisor.

HOP 4.12 - Overtime for Non-
Exempt Employees
  • Whenever possible, notify employees in advance when business demands require they work non-standard or overtime hours.
  • Develop a departmental procedure for requests to work additional or nonstandard hours (explanation for supervisor, supervisor’s approval, etc.) and maintain copies of documentation.

 


33. My area has a process to manage employee leave for employees paid from my Cost Center(s)/Project ID(s) that achieves the following:
    • Employee workdays are monitored and leave balances are routinely reviewed by someone in their management chain.
    • Vacation, sick leave and compensatory time balances are reconciled and entered to PeopleSoft on a weekly basis.
    • Leave balances (vacation, sick and compensatory) are available online to employees via the Employee Self Service (ESS) module.

     

 
  • Ensure the department keeps copies of appropriate documentation/records.
  • Employees are encouraged to review their leave balances in Employee Self Service for accuracy.

34. All qualified job applicants are considered and HR guidelines for determining the best- qualified applicant are followed when hiring employees paid from my Cost Center(s)/Project ID(s).

HR Recruitment Guidelines

HOP 9.21 - Records and Information Management and Retention
  • A set of job related interview questions should be prepared in advance of the interviews.
  • Interview questions should be designed to permit a fair and objective evaluation of each applicant and consist of objective, job-related inquiries.
  • Each applicant should be asked the same questions; all responses should be recorded in writing. A list of acceptable questions can be found at: Sample Interview Questions.
  • To facilitate the hiring decision, the Applicant Screening Matrix should be used to objectively and accurately assess and compare applicants’ qualifications, and to screen applicants for interviews.
  • Use the Interview Matrix to assist in the selection of a “finalist” from the interview process.
  • The matrices, questions and responses should be maintained by the department for a minimum of two years.

 

EEO COMPLIANCE   Top

35. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that sexual misconduct, sexual harassment and intimate partner violence (domestic violence, dating violence, and stalking) in any form will not be tolerated, the offending employee may be subject to disciplinary action, and that all incidents are to be reported to Equal Opportunity Services immediately.

HOP 9.24 – Sexual Harassment and Sexual Misconduct

UTSA Office of Equal Opportunity Services Website
  • Recognize sexual harassment includes conduct that interferes with an individual’s work performance or creates an intimidating, hostile or offensive work environment. Sexual harassment may include telling sexually explicit jokes, making inappropriate comments, or sending e- mails to one another containing jokes of a sexual nature.
  • Offensive behavior and comments in the workplace can constitute a hostile work environment, even if other people deem such conduct harmless, insignificant or they take no offense to it.
  • A workplace can easily develop into a culture that tolerates inappropriate behavior and comments if it is not addressed. This creates the potential to: negatively impact employees and the work environment, fall below acceptable standards for professional conduct and create a sense of discomfort that results in behavior that violates university policy.
  • Set expectations, communicate them to your employees, and remind employees about the sexual harassment policy and procedures.
  • Ensure employees know where in the HOP they can find the policies on Sexual Harassment and Sexual Misconduct (HOP 9.01 and 9.24).
  • Ensure you comply with the sexual harassment policies and procedures by not initiating inappropriate actions, participating in inappropriate discussions, or condoning such actions or discussions by choosing to remain silent.
  • Ensure employees know the requirements for reporting acts of sexual harassment and sexual violence and relationship violence reported to them by students in accordance with Title IX of the Education Amendments of 1972 and the Campus SaVE Act.
  • Ensure all responsible employees and employees with heightened obligations for reporting sexual harassment, sexual violence and relationship violence receive Title IX and Campus SaVE training.

 


36. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that various forms of discrimination, including discrimination based upon any protected category, including sexual orientation, is prohibited by state and federal laws and/or by University policy, and that all incidents are to be reported to Equal Opportunity Services immediately.

HOP 9.01- Nondiscrimination

UTSA Office of  Equal Opportunity Services Website

United States Equal Employment Opportunity Commission
  • Recognize your role and responsibilities as a manager in taking action to prevent discrimination, including:
    • Examining your own behavior and making sure you lead by example.
    • Identifying early signs of unprofessional behavior that may require preventive measures.
    • Identifying specific behaviors requiring proactive measures or immediate intervention.
  • Ensure employees know where in the HOP they can find the policies on Nondiscrimination (HOP 9.01).
  • UTSA prohibits discrimination in all areas of employment, including recruitment, hiring, training, assignments, promotion, discipline and termination.
  • Employment discrimination occurs if it is based on race, color, religion, sex, national origin, age, disability, veteran status, or sexual orientation, gender identity or gender expression.
    • Treating one employee differently than another who is similarly situated.
    • Any employment practice no matter what the intent, if it has a disparate impact on any employee including members of a protected class, which includes women, minorities, individuals with disabilities, veterans, persons over 40 years old and Lesbian, Gay, Bisexual, Transgender and Queer/Questioning.

     


37. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed to refer individuals reporting incidents of sexual harassment and/or discrimination to contact the Office of Equal Opportunity Services immediately.

HOP 9.01- Nondiscrimination

HOP 9.24 – Sexual Harassment and Sexual Misconduct

HOP 9.04 - Consensual Relationships

UTSA Office of Equal Opportunity Services Website

 

  • The Office of Equal Opportunity Services investigates complaints of discrimination and harassment for students, faculty, staff and visitors/guests of the University.

38. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that all complaints of sexual harassment and/or discrimination should be filed as soon as possible after the conduct giving rise to the complaint.

HOP 9.01- Nondiscrimination

HOP 9.24 – Sexual Harassment and Sexual Misconduct

HOP 9.04 - Consensual Relationships

Office of Equal Opportunity Services Website


  • As a University official, report incidences and/or complaints to the Office of Equal Opportunity Services (EOS) immediately.
  • Review information on the EOS Website and encourage employees to review the site and make note of the contact names and numbers.

39. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that it is unlawful to retaliate against an employee who has reported an allegation of wrongdoing or is participating in an investigation pertaining to allegations of wrongdoing.

HOP 9.01- Nondiscrimination

HOP 9.24 – Sexual Harassment and Sexual Misconduct

Whistleblower Policy

UTSA Office of Equal Opportunity Services Website

 

  • UTSA is committed to an environment which prohibits retaliation for engaging in protected activities such as reporting or filing an EOS complaint of discrimination or harassment.
  • Encourage employees to report allegations of discrimination and harassment.
  • Prohibit unlawful retaliation against employees for reporting and/or participation in an investigation pertaining to discrimination and harassment.
ENVIRONMENTAL HEALTH, SAFETY AND RISK MANAGEMENT   Top

40. There is a process in my area/department to ensure departmental activities comply with applicable rules, regulations, and best practices relating to occupational health, safety and the environment to include:
    • Use and disposal of hazardous chemicals, biological agents and other regulated waste materials in areas where applicable such as labs, Facilities shops and art studios;
    • Proper preventative measures for maintaining equipment and facilities in a safe working order for all employees, students and visitors; and
    • Keeping my work area in compliance with NFPA 101 - Life Safety Code by keeping exit pathways clear, not using electrical extension cords, not obstructing access to fire alarms or extinguishers, and keeping at least 18 inches of clearance between storage or installed equipment and the ceiling or wall mounted fire sprinklers.

     

UTSA Office of Environmental Health, Safety and Risk Management Website

HOP 9.05 - Occupational Safety and Health Policy

HOP 9.06 - Procedures for Compliance with the Texas Hazard Communication Act

HOP 9.25 - Hazardous Waste Management Program
  • Inform your staff that policies and safety manuals governing health and safety are referenced on the Office of Environmental Health, Safety and Risk Management (EHSRM) website.
  • The NFPA 101 Life Safety Code is enforced by the Texas State Fire Marshal who is the Authority Having Jurisdiction (AHJ) for fire and life safety at all state owned buildings and property. UTSA EHSRM is designated as the local AHJ / Fire Marshal for UTSA buildings and property.
  • Contact the EHSRM Office at 458-5250 for more information, concerns or questions and you will be directed to appropriate divisional personnel regarding occupational health and safety, hazardous waste disposal or fire safety.

41. There is a process in my area/department to ensure department staff attend applicable safety training courses mandated by the UTSA Environmental Health, Safety, and Risk Management Office, State of Texas and federal regulations to include:

    1. Texas Hazard Communication Act, and TX Blood Borne Pathogen Rule; and
    2. Texas Commission on Environmental Quality (TCEQ) and Federal EPA/OSHA/DOT regulations governing hazardous waste operations.

 

UTSA Office of Environmental Health, Safety and Risk Management Website

UTSA Human Resources Training and Development

  • Ensure clinical, emergency response, Facilities employees attend appropriate hazard communication safety training prior to working with hazardous chemicals, paints, glazes, or toxins.
  • Ensure research, clinical, emergency response and Facilities employees who may be exposed to human or non-human primate blood, cells, tissues and body fluids attend initial bloodborne pathogens training, are offered the HBV Vaccine, and the annual refresher training.
  • Ensure clinical, Facilities and Art studio employees generating hazardous biological, chemical or radioactive material waste attend Hazardous Waste Generator’s Safety Training.
  • Training is mandated by the following rules and regulations: Texas Department of State Health Services (DSHS) in the Texas Hazard Communication Act and TX Bloodborne Pathogen Rule; and federal CDC/USDA Select Agent Rules as per the UTSA Occupational Health Program and TCEQ /EPA / OSHA/DOT regulations governing hazardous waste operations.
  • Contact EHSRM at 458-5250 with any questions regarding this training.

 


42. I am aware and employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that it is important to be responsive to any safety, health or environmental concerns raised by faculty, staff or students and to report all employee accidents, injuries and exposures to hazardous agents to Environmental, Health, Safety and Risk Management (EHSRM), regardless of whether they were formally reported by the employee. In addition, there is a process in my area to maintain contact with employees who have lost time due to injuries and encourage them to return to work within the scope of restrictions placed upon them by authorized treating physicians.

HOP 9.05 - Occupational Safety and Health Policy

HOP 9.06 - Procedures for Compliance with the Texas Hazard Communication Act

HOP 9.25 - Hazardous Waste Management Program UTSA Office of Environmental Health, Safety and Risk Management Website

 

  • Contact EHSRM at 458-5250 if there are any concerns or questions regarding reporting a work related injury, exposure, or illness and you will be directed to the appropriate individual to assist you.
  • You can also refer to the EHSRM website for specific contact persons, information and forms for reporting injuries or exposures, and the UTSA Return to Work Program.
  • Dial “911” or 4911 on campus phone for emergencies.
  • Off campus and on cellular phones dial 458-4911 to contact the UTSA Police Department in an emergency (non-emergency number is 458- 4242).
  • The UTSA Police maintain emergency information for EHSRM personnel to respond to accidents, fires, hazardous material spills and other emergencies as necessary

43. There is a process in my area/department to ensure employees who may be exposed to hazardous materials or environmental conditions in the normal course of their duties are evaluated and trained for working with these exposure risks. Where these hazards exist, they are mitigated through a combination of environmental controls, personal protective equipment, or approved vaccinations in consultation with a licensed healthcare professional.

UTSA Office of Environmental Health, Safety and Risk Management Website

HOP 2.44 - Minors in Laboratories or Similar Facilities
  • Ensure employees exposed to potentially hazardous levels of noise, particulate dust, hazardous chemicals, ionizing radiation, infectious biological agents, or work with research animals are enrolled in the UTSA Occupational Health Program (OHP) and evaluated for respiratory protection, vaccination status, and/or hearing conservation
  • Contact the Occupational Health Coordinator, RN at 458-5304 for more information and questions about enrollment in the OHP.
  • Contact the Occupational Health & Wellness Manager at 458-6102 for more information and questions about job hazard assessments or ergonomic evaluations in the workplace.

 


44. There is a process in my department to review and risk assess specialized equipment deemed critical to departmental or University operations, and determine if it has been adequately insured against complete loss.

UTSA Office of Environmental
Health, Safety and Risk Management Website
  • Most equipment falls under UTSA’s general Comprehensive Property Protection Plan insurance coverage which has a $250,000 deductible. All claims over $25,000 must be reported to UT System Office of Risk Management (UT-ORM) and should be routed through UTSA’s Risk & Life Safety Manager.
  • UT-ORM offers low cost, low deductible insurance coverage for equipment valued under $250,000 or to help with covering the first
  • $250,000 of value. Contact the UTSA Risk & Life Safety Manager at 458-4420 to assist with the equipment risk assessment and to obtain insurance coverage.

 

UTSA POLICE   Top

45. I am aware that employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that emergencies, crimes, illegal activity, suspicious packages and dangerous or potentially harmful events should be reported to the UTSA Police Department immediately.

UTSA Police

UTSA Business Continuity and Emergency Management Office
  • From a cellular phone, dial 210-458-4911 to contact UTSA Police.
  • Ensure a list of essential phone numbers and contact persons is available and can be easily accessed by all employees.
  • All employees should know that University Police is located at BOS 1.100, (1604 Campus), BV 1.303 (DTC), Security Desk (ITC)
  • Information regarding reporting crimes and hazards can be found on the UTSA Police Website

 


46. I am aware that employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed to contact UTSA Police if illegal activity is suspected.

UTSA Police
  • From a cellular phone, dial 210-458-4911 to contact UTSA Police.
  • Ensure a list of essential phone numbers and contact persons is available and can be easily accessed by all employees.
  • Information regarding reporting crimes and hazards can be found on the UTSA Police Website.
  • All employees should know that UTSA Police is located at BOS 1.100, (1604 Campus), BV 1.303 (DTC), Security Desk (ITC)

 

KEY AND CARD ACCESS   Top

47. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that lost or stolen keys or access ID cards should be reported to the UTSA Police and Security Services immediately.

HOP 8.04 - Keys to University
Facilities
  • Managers should be aware of the policies regarding keys and access to university facilities.
  • Managers should ensure their employees know and adhere to University policy on keys and access to University facilities.
  • Supervisors shall limit the number of master key requests to only those who absolutely need a master key.
  • It is the responsibility of the supervisor to retrieve keys, return them to Security Services and request to have card access removed from terminating or transferring employees.
  • Lost or stolen keys may result in a re-key of a space as determined by the Director of Security Services.

 


48. Only the appropriate administrative head of an academic or administrative department is allowed to request keys being assigned to employees. There is a process in my area/department to ensure that keys or access ID cards for new employees are obtained by sending the employee’s information to the Security Services Office.

UTSA Security Services Information

HOP 8.04 - Keys to University Facilities
  • All employees should know the Security Services Department is located at BOS 1.200, can be contacted at 458-6855 or Emailed at security.services@utsa.edu.
  • No transfer of keys is permitted, per HOP 8.04.
  • No keys will be issued to doors that have electronic access control such as card readers.
  • The Access Request Authorization form is available on the Security Services section of the UTSA Police Website.
  • The department’s designated authorized requestor should request for access by use of the Security Services electronic forms. It is the responsibility of the supervisors to remove authorized requestors from any Security Services record.

 

EMERGENCY PREPAREDNESS   Top

49. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) are aware of emergency evacuation procedures.

UTSA Community Emergency
Response Guide
  • Managers should ensure their employees are familiar UTSA Emergency Response Guide.
  • Ensure a list of essential phone numbers and contact persons is available and can be easily accessed by all employees.
  • Know your building floor captains. Managers can obtain the name and contact number of the appropriate Floor Captain Safety Liaisons in their building by emailing the UTSA Office of Emergency Management at BePrepared@utsa.edu or by calling 458-6851.

 

50. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed of emergency evacuation procedures and that all employees are required to participate in all evacuation drills.

 


UTSA Community Emergency
Response Guide
  • Communicate to employees that all evacuation drills should be taken seriously.
  • Have a plan for helping employees who need additional assistance in an evacuation.

51. I know who my Floor Captain Safety Liaisons are and have informed my area/department staff they should refer to the Business Comtinuity and Emergency Management Website for information regarding Floor Captain Safety Liaisons.

UTSA Community Emergency Response Guide

Training: See the Emergency Preparedness of the Training & Development Class Schedule.

 

http://alerts.utsa.edu/utsa-community-emergency-response/

  • Know your Floor Captain Safety Liaisons. Managers can obtain the name and contact number of the appropriate Floor Captain Safety Liaisons in their building by emailing the UTSA Office of Emergency Management at BePrepared@utsa.edu or by calling 458-6851.You are encouraged to participate in the Floor Captain Safety Liaison program.
  • If your office does not have a Floor Captain, please identify someone who can serve that role, and connect them to Emergency Management by emailing BePrepared@utsa.edu or x6851 to register for training.

 


52. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed that suspicious packages or devices should be immediately reported the UTSA Police.

FBI Advisory on Suspicious Packages

UTSA Office of Emergency Management

Bomb Threat Checklist

 

INFORMATION SECURITY   Top

53. All users of UTSA information resources in my area are aware of and comply with the requirements of the UTSA Standard for Passphrase and Password which include selecting a strong passphrase, never disclosing, writing down or sharing account passphrases and enabling a passphrase protected screen saver (or logging off) when computing devices are left unattended.

 

HOP 8.15 – Acceptable Use Policy

UTSA Standard for Passphrase and Passwords
  • When assigning work or computers to your employees, ensure that each user has a separate computer account.

54. I am aware and have informed my area/department staff that all computers should have screensavers with passphrase protection activated.

 


HOP 8.15 – Acceptable Use
Policy
  • When users leave their computers unattended, passphrase protected screensavers reduce the risk of access by an unauthorized user.

55. All users of UTSA information resources in my area are aware of and comply with the Standard Software Licensing requirements, including installing only properly licensed software on UTSA hardware, duplicating software only when legally permitted by the software license, and ensuring copyrighted materials (music, movies, intellectual property, etc.) are not downloaded, stored or shared via UTSA systems or networks unless expressly permitted by the copyright owner in accordance with Federal copyright laws.

HOP 9.11 - Reproduction of Copyright Materials

UTSA Standard for Software Licensing

UTSA Standard for Unauthorized File Sharing

HOP 8.15 – Acceptable Use Policy
  • State-owned computer equipment, including personal computers/servers and the UTSA network, may not be used to download or share copyrighted files.
  • In some cases, companies may permit the purchaser of a CD/DVD to make a single backup copy or may allow transferring of music files to a portable device.
  • If software is to be used in your office, check with the Office of Information Technology (OIT) to ascertain the licensing status, before purchasing or duplicating the software.
  • Managers should ensure that their departments are in compliance with licensing rules for the various types of software used in their departments.

 


56. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed to report information security incidents to the Office of Information Security (OIS) Team.

HOP 8.17 - Information Security Incident Response

UTSA Standards for Incident Response
  • An incident is the use of a computer to violate statutes or regulations; such misuse frequently results in disciplinary action. Be familiar with the Information Security standards and be sure that any irregular use of computing is reported.\
  • Incidents should be reported to 458-5555.

 


57. I am aware and all employees paid from my Cost Center(s)/Project ID(s) (as applicable) have been informed to follow UTSA procedures, including calling OIT Support Services, when installing new computers or hooking up servers.

UTSA Standard for Network Access

UTSA Standard for Change Management (Computing Systems)
  • Always check IT procedures before connecting to the network or installing new hardware. Follow the standard, check with OIT Connect and contact the Information Security Team if you have specific questions.
  • In order to protect the integrity of the University’s network, devices which have been connected without prior approval may be removed or otherwise be prevented from connecting to the network.

 

58. All data stored in my area (paper-based and electronic, including email) has been evaluated to ensure it has a legitimate business purpose and is retained in accordance with policy requirements. It is critical that records be destroyed when the retention requirement has been met.

 

HOP 9.21 - Records and Information Management and Retention

UTSA Standard for Data Classification

59. A review of all computers and/or servers in my area has been performed to determine whether Confidential (Category I data per the UTSA Standard for Data Classification) is being stored electronically and the data is physically and technically safeguarded to allow access only to those employees who need the information to perform their job responsibilities.

Note: Category I data includes: Student records, litigation, law enforcement data, Social Security Numbers, Credit Cards, health related research, reports marked confidential, passphrases.

 

UTSA Standard for Data Classification

UTS 165 (UT System Information Resources Use and Security Policy)

HOP 4.01 - Code of Ethics

UTSA Standard for passphrase and Passwords

  • Do not share passphrase(s).
  • Lock up confidential information and restrict access.
  • Identify those within your office or department who might use confidential information and be sure they have been trained in the rules regarding privacy.
  • Be sure that backup tapes and computers with confidential information are not available to those who are not approved to handle such records.
  • Do not transmit personally identifiable information via e-mail or through other electronic means.
  • Category 1 data should only be stored on the I – Drive.
  • The UTSA Information Security Officer is Kevin Kjosa.

60. All laptops must be encrypted. Also desktops purchased after September 1, 2013 or store Category 1 data must be encrypted.

 


UTSA Standard for Data Encryption
  • All category 1 data will be stored on a network storage drive if possible.

61. I have determined the frequency and extent to which backups will be performed of departmental data to match the information’s importance and risk of loss in order to ensure business continuity.

HOP 8.15 – Acceptable Use Policy

UTSA Standard for Enterprise Backup and Data Recovery

  • Create a backup and recovery plan that allows for business continuity in the event of data loss or no availability.
  • Off-site backup options should meet or exceed the UTSA standards as well as any applicable state laws.
  • Testing should be performed to ensure proper recovery will occur in the event of an outage.
  • The plan should be reviewed and updated yearly.

 


62. Ensure any (University owned or Personal) mobile device (tablets, phone, etc.) accessing the UTSA network be configured with equivalent security options as would be required on a University-owned resource storing similar data or performing similar functions.

UTSA Standard for Portable Computing Security

UTSA Standard for Information Resoruces Users

  • Device must be protected by a PIN or other protection method native to the device.
  • Device should be encrypted.
  • Device should have remote wipe (reset) enabled, if that feature is available.
  • Before a mobile device that contained UTSA data is sold, transferred or returned, the user must ensure that all of the data has been deleted.

63. All UTSA owned computing devices must be entered into Insight. Devices tagged by UTSA Inventory Control are automatically loaded into Insight. Non-inventoried assets are not being recorded in the UTSA Inventory system because of cost limits (under $500) or other rules. Department ID owners and their delegates must enter them into InSight at the Computer Categorization Summary page. Computing devices are defined as desktops, laptops, tablets, and smart phones.

 

UTSA Standard for Configuration and Asset Management

InSight
  • Add Non-inventoried assets to InSight.
    Top

If you have any questions regarding the Management Assessment Tool (MAT), please contact Institutional Compliance and Risk Services.

Institutional Compliance and Risk Services
210-458-4992
InsitutionalCompliance@utsa.edu